f1179fd085
- fixed CVE-2012-2147 (bnc#759910) - new upstream version <1.4.5> * bugfix release - new upstream version <1.4.4> - new upstream release <1.4.3> - new upstream release <1.4.2> - new upstream release <1.4.1> - new upstream release <1.4.0> - add UTF8 patch - new upstream release <1.2.6> - new upstream release <1.2.5> - Fixed missing /sbin/rcmunin-node - First build for packman - 1.2.3 release - 1.2.2 release - Fixed SF bug 1164481 (missing /srv/www/htdocs/munin) OBS-URL: https://build.opensuse.org/package/show/server:monitoring/munin?expand=0&rev=2
diff --git a/common/lib/Munin/Common/Config.pm b/common/lib/Munin/Common/Config.pm
index 81b1dc8..76ff088 100644
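--- a/common/lib/Munin/Common/Config.pm
+++ b/common/lib/Munin/Common/Config.pm
@@ -37,6 +37,7 @@ my %legal = map { $_ => 1 } (
 "cdef_name", "graphable", "process", "realname",
 "onlynullcdef", "group_order", "pipe", "pipe_command",
 "unknown_limit", "num_unknowns", "dropdownlimit",
+ "max_size_x", "max_size_y",
 "max_graph_jobs", "max_cgi_graph_jobs", "munin_cgi_graph_jobs",
 "max_html_jobs", "num_messages");
 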
diff --git a/master/_bin/munin-cgi-graph.in b/master/_bin/munin-cgi-graph.in
index 72a13ba..f09ca17 100755
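--- a/master/_bin/munin-cgi-graph.in
+++ b/master/_bin/munin-cgi-graph.in
@@ -265,6 +265,22 @@ sub verify_parameters
 exit 1;
 }
 }
+
+ # Checks the image size requested.
+ if (( CGI::param("size_x") || "") =~ m/^(\d+)/) {
+ my $max_size_x = ( $config->{max_size_x} || 4000);
+ if ($1 > $max_size_x) {
+ print STDERR "Warning: Asked image size x too large : $1 > $max_size_x. Bailing out.\n";
+ exit 1;
+ }
+ }
+ if (( CGI::param("size_y") || "") =~ m/^(\d+)/) {
+ my $max_size_y = ($config->{max_size_y} || 4000);
+ if ($1 > $max_size_y) {
+ print STDERR "Warning: Asked image size y too large : $1 > $max_size_y. Bailing out.\n";
+ exit 1;
+ }
+ }
 }
 
 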
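Review bot: The new size_x/size_y cap in verify_parameters is applied only when the parameter starts with digits, because `m/^(\d+)/` is anchored at the front only and the `if` has no else branch: a value with trailing characters is judged on its numeric prefix alone, and a value that does not match at all skips the limit. Whether that is reachable depends on how the two parameters are consumed later, which is outside this hunk (the function begins above it), so the safer shape is to match the whole value and reject anything that is not a plain number within the limit. The sketch below does that in one loop over both dimensions, which also removes the duplicated block, and keeps the raw parameter out of the log message. It keeps `|| 4000`, so a configured limit of 0 still falls back to the default.

```perl
    # Checks the image size requested.
    for my $dim (qw(size_x size_y)) {
        my $asked = CGI::param($dim);
        next unless defined $asked && length $asked;

        my $limit = $config->{"max_$dim"} || 4000;
        if ($asked !~ m/\A[0-9]+\z/ || $asked > $limit) {
            print STDERR "Warning: Asked image $dim is not a number or is larger than $limit. Bailing out.\n";
            exit 1;
        }
    }
```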